Human errors is increasinly leading to data breaches in South Africa. Experts say that cybercriminals are becoming more smarter with the help of AI.
Image: Supplied
HUMAN error has emerged as the leading cause of cybersecurity breaches in South Africa, and experts have warned that even a single careless click can lead to the downfall of an advanced digital system.
As cyber threats continue to escalate at an alarming rate, available data shows that at least 34.5 million accounts were breached in South Africa in the first quarter of 2024.
Nikita Naicker, PI Tech and Cyber Underwriter at SHA Risk Specialists, says the key difference between a data leak and a data hack or breach is intent. “A data leak happens when an internal party or source exposes sensitive data, usually unintentionally, whereas a hack or breach is orchestrated by a cybercriminal who intentionally and unlawfully breaches a network to steal data or hold that company ransom for lucrative gain,” she said.
Naicker explained that cyber threats are becoming more sophisticated, and AI is playing a growing role in executing advanced attacks. Despite this, businesses don’t necessarily need to invest in expensive new technologies.
“Instead, they should create a culture of cyber awareness, strengthen IT infrastructure, and maintain stringent internal governance. These are effective ways to mitigate risk and are a good starting point for a company,” she said.
“Given that cybersecurity is very specific and niche, it is very important for companies to reach out to experts in this area for guidance and assistance. There are many cybersecurity firms and consultants which can be relied on. From a cyber insurance perspective, lead cybersecurity firms offer 24-hour incident response, ransom negotiation experts and qualified expert legal counsel,” said Naicker.
She said staff training and awareness are key to avoiding devastating data leaks and legal consequences, which can be mitigated by having robust cybersecurity protocols and governance in place.
“A threat actor will use manipulative tactics in order to gain access to an entity or organisation, and if they are unsuccessful in doing so via the IT infrastructure, the next biggest vulnerability in an organisation is the workforce.”
Naicker noted that South Africa has the second highest number of data breaches on the continent. Citing Fortinet’s 2024 Security Awareness and Training Global Research Report, she said 70% of South African businesses are currently exposed to growing threats due to a lack of even basic cybersecurity awareness.
She warned that the Protection of Personal Information Act (POPIA) is a significant piece of legislation that places increased responsibility on companies that collect and store personal information - and holds them accountable for its misuse.
“In the context of a cyber breach or hack whereby data has been stolen and held at ransom, it places the company which has been breached exposed to third-party liability claims, as the data subjects whose information would have been stolen could be in the hands of a cybercriminal and used for other reasons. The regulator then may in turn impose fines, penalties or prison time for a failure on the part of the company to adhere to Data Protection Regulation,” said Naicker.
According to global research by Sage, keeping abreast of new threats is the biggest challenge for 51% of SMEs, followed by ensuring employees know what’s expected of them (45%). Some 56% of SMEs want cybersecurity companies to do more to educate and support them, while 45% believe the responsibility lies with governments, and 43% with trusted tech partners.
Philip Meyer, VP Product Engineering HR & Payroll at Sage Africa and Middle East, said small and medium-sized businesses are increasingly caught in the crosshairs of cybercriminals.
“With large enterprises ramping up their spending on cybersecurity, hackers and malware authors are focusing their attention on smaller businesses,” said Meyer.
“These are more vulnerable to attacks because they have less human and financial resources to dedicate to protecting their infrastructure. It is hard for them to make informed risk management choices about which tools to invest in and what risks they can live with in the absence of reliable advice and affordable technology,” he added.
Meyer said the issue highlighted the need for small businesses to get the basics right, especially given the reputational risks of data breaches, the cost of business interruptions, and mounting evidence that regulators are losing patience with organisations that fail to comply with data privacy laws like POPIA.
Ben Aung, Chief Risk Officer at Sage, said a resurgence of ransomware and cyber extortion attacks would dominate the cybersecurity agenda this year.
“Businesses should strengthen defences by continuing to focus on the highest impact security measures, such as patching, endpoint detection tools, multifactor authentication, privilege access management and employee awareness.”
Aung warned that generative AI would increasingly be used in phishing attacks, allowing cybercriminals to craft highly convincing communications that are more difficult to detect. “Companies must ensure their employees are educated about these new and evolved risks and can spot attempts and report them quickly.”
He added that supply chain risks would also come under greater scrutiny, as attackers begin targeting critical vendors to gain leverage.
“To mitigate this risk, businesses should conduct thorough due diligence on suppliers' security practices, enforce security requirements in contracts, and develop robust contingency plans for potential disruption.”
Aung also recommended that businesses simplify the implementation of common security controls. “When these features are user-friendly, small businesses are more likely to implement them effectively, enhancing their overall security posture,” said Aung.
Stu Sjouwerman, founder and CEO of KnowBe4, a cybersecurity awareness training and simulated phishing platform, said human risk remains an underestimated threat.
“Despite significant advancements in technological defences, human error remains a leading cause of data breaches and security incidents,” he said. “Multiple industry studies and research reports consistently show that between 70% and 90% of data breaches involve some form of human-related cause - whether through social engineering, errors or misuse,” he added.